Archiving II

To: <xtech>

Subject: Archiving II

From: Eric Dean Tribble <tribble>

Date: Mon, 22 Oct 90 23:15:21 PDT

System Operations:
believeable copy - make a copy that a backend can reconnect properly
retrievable/believeable copy - make a copy that the backend knows how
to get ahold of.
mark purgeable - allow some document to get purged.
restore believeable copy - reconnect a believeable copy (this requires
the ability to specify the clubs of documents that can be restored,
for instance).
set funding levels - the system administrator gets to assign how much
funding every clubs has.
User operations:
copy - this is like copy in your frontend. get the contents but
nothing else.
believeable copy - same as above.
sponsor - set the current bid for space for a given document and set
the decay rate of that bid. This typically adds to the current bid,
but could be used to reduce it.
abandon - remove all you sponsoring from a given document.
backfollow filtered by sponsorship - this is an added filter for
backfollow. This might or mgiht not exist.
believeable copies probably include endorsements
retrievable copies probably include permissions
The copy operations take a list of IDs and probably return and Orlg
that the user can read. Then the normal incremental reading
operations can be used to gradually pull the contents over the wire.
When a user adds sponsorship to a document, if funds are available in
the pool sponsorship pool he's using, they come from there.
Otherwise, all previous bids get reduced (their escalator moves back)
and the funds get reassigned to the newly (re) sponsored document.
(This is the normal case, since users probably use their entire
allotment).
The simplest way to get believeable caopies is for every backend to
share an encryption key. The believable copy operation then generates
an encrypted representation of the copied documents and their
interconnections. An advantage of this is that the system
administrator can make retrievable tapes of stuff that he can't read.
This is not particularly secure because the key has to be embedded in
the code somewhere, but it will help some. Real security still
depends on getting tapes only from places that you trust.
When a document gets purged from the disk, all sponsorship money for
it is returned to the appropriate pools (or used to increase other
bids from that pool), and all representation of sponsoring that
document is thrown out.
I don't know very much yet about backfollowing in to the archive (the
retrievable tapes).
dean